Add SSL support for freezer
This commit enables sending the certificate to support secure connections for freezer. Implements bp: ssl-support Change-Id: I821ac837508351d9d84897c4c9a6ee651944dd32
parent
4c8e31255d
commit
ab0157568a
|
@ -46,7 +46,9 @@ class ActionManager(object):
|
|||
|
||||
def delete(self, action_id):
|
||||
endpoint = self.endpoint + action_id
|
||||
r = requests.delete(endpoint, headers=self.headers, verify=self.verify)
|
||||
r = requests.delete(endpoint,
|
||||
headers=self.headers,
|
||||
verify=self.verify)
|
||||
if r.status_code != 204:
|
||||
raise exceptions.ApiClientException(r)
|
||||
|
||||
|
|
|
@ -43,7 +43,8 @@ class BackupsManager(object):
|
|||
|
||||
def delete(self, backup_id):
|
||||
endpoint = self.endpoint + backup_id
|
||||
r = requests.delete(endpoint, headers=self.headers, verify=self.verify)
|
||||
r = requests.delete(endpoint, headers=self.headers,
|
||||
verify=self.verify)
|
||||
if r.status_code != 204:
|
||||
raise exceptions.ApiClientException(r)
|
||||
|
||||
|
|
|
@ -130,7 +130,16 @@ def build_os_options():
|
|||
' "admin" or "adminURL". Defaults to '
|
||||
'env[OS_ENDPOINT_TYPE] or "public"',
|
||||
dest='os_endpoint_type'),
|
||||
|
||||
cfg.StrOpt('os-cert',
|
||||
default=env('OS_CERT'),
|
||||
help='Specify a cert file to use in verifying a TLS '
|
||||
'(https) server certificate',
|
||||
dest='os_cert'),
|
||||
cfg.StrOpt('os-cacert',
|
||||
default=env('OS_CACERT'),
|
||||
help='Specify a CA bundle file to use in verifying a TLS '
|
||||
'(https) server certificate. Defaults to',
|
||||
dest='os_cacert'),
|
||||
]
|
||||
|
||||
return osclient_opts
|
||||
|
@ -192,8 +201,9 @@ class Client(object):
|
|||
project_name=None,
|
||||
user_domain_name=None,
|
||||
project_domain_name=None,
|
||||
verify=True,
|
||||
cacert=False):
|
||||
cert=False,
|
||||
cacert=False,
|
||||
insecure=False):
|
||||
|
||||
self.opts = opts
|
||||
# this creates a namespace for self.opts when the client is
|
||||
|
@ -218,18 +228,25 @@ class Client(object):
|
|||
self.opts.os_user_domain_name = user_domain_name
|
||||
if project_domain_name:
|
||||
self.opts.os_project_domain_name = project_domain_name
|
||||
|
||||
# flag to initialize freezer-scheduler with insecure mode
|
||||
self.verify = verify
|
||||
if insecure:
|
||||
self.verify = False
|
||||
elif cacert:
|
||||
# verify arg in keystone sessions could be True/False/Path to cert
|
||||
self.verify = cacert
|
||||
else:
|
||||
self.verify = True
|
||||
if cert:
|
||||
self.opts.os_cert = cert
|
||||
|
||||
self._session = session
|
||||
self.version = version
|
||||
|
||||
self.backups = backups.BackupsManager(self, verify=verify)
|
||||
self.registration = registration.RegistrationManager(self, verify=verify)
|
||||
self.jobs = jobs.JobManager(self, verify=verify)
|
||||
self.actions = actions.ActionManager(self, verify=verify)
|
||||
self.sessions = sessions.SessionManager(self, verify=verify)
|
||||
self.backups = backups.BackupsManager(self, verify=self.verify)
|
||||
self.registration = registration.RegistrationManager(
|
||||
self, verify=self.verify)
|
||||
self.jobs = jobs.JobManager(self, verify=self.verify)
|
||||
self.actions = actions.ActionManager(self, verify=self.verify)
|
||||
self.sessions = sessions.SessionManager(self, verify=self.verify)
|
||||
|
||||
|
||||
@cached_property
|
||||
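Review bot: In `Client.__init__` the `verify` argument no longer has any effect: `self.verify = verify` is immediately overwritten by the `if insecure / elif cacert / else` chain, so a caller that passed a CA bundle path through `verify=` (the comment in the hunk notes it may be True/False/path) now gets `True` and loses its trust anchor without any error. Either drop the `else: self.verify = True` branch so the caller's value stands, or remove the dead assignment and state in the docstring that `verify` is ignored in favour of `insecure` and `cacert`. `if insecure:` also accepts any truthy value, so a non-empty string turns certificate verification off; an explicit `bool` check would make that visible. In the `build_os_options` hunk of the same section the `os-cert` help repeats the CA-bundle wording and the `os-cacert` help stops at `Defaults to`; if `os-cert` is meant as the client certificate, `help='Client certificate file to present on TLS (https) connections'` would separate the two. The constructor body starts and ends outside the hunk.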
|
|
|
@ -46,7 +46,8 @@ class JobManager(object):
|
|||
|
||||
def delete(self, job_id):
|
||||
endpoint = self.endpoint + job_id
|
||||
r = requests.delete(endpoint, headers=self.headers, verify=self.verify)
|
||||
r = requests.delete(endpoint, headers=self.headers,
|
||||
verify=self.verify)
|
||||
if r.status_code != 204:
|
||||
raise exceptions.ApiClientException(r)
|
||||
|
||||
|
|
|
@ -45,7 +45,8 @@ class SessionManager(object):
|
|||
|
||||
def delete(self, session_id):
|
||||
endpoint = self.endpoint + session_id
|
||||
r = requests.delete(endpoint, headers=self.headers, verify=self.verify)
|
||||
r = requests.delete(endpoint, headers=self.headers,
|
||||
verify=self.verify)
|
||||
if r.status_code != 204:
|
||||
raise exceptions.ApiClientException(r)
|
||||
|
||||
|
|
|
@ -104,7 +104,8 @@ class ClientManager:
|
|||
region_name=options.region_name,
|
||||
insecure=self.insecure,
|
||||
endpoint_type=options.endpoint_type or 'publicURL',
|
||||
service_type="volume")
|
||||
service_type="volume",
|
||||
cacert=options.cert)
|
||||
return self.cinder
|
||||
|
||||
def create_swift(self):
|
||||
|
@ -122,7 +123,8 @@ class ClientManager:
|
|||
tenant_name=options.tenant_name,
|
||||
os_options=options.os_options,
|
||||
auth_version=self.swift_auth_version,
|
||||
insecure=self.insecure, retries=6)
|
||||
insecure=self.insecure, retries=6,
|
||||
cacert=options.cert)
|
||||
|
||||
if self.dry_run:
|
||||
self.swift = DryRunSwiftclientConnectionWrapper(self.swift)
|
||||
|
@ -149,7 +151,8 @@ class ClientManager:
|
|||
os_auth_url=options.auth_url,
|
||||
os_region_name=options.region_name,
|
||||
endpoint_type=options.endpoint_type,
|
||||
force_auth=False))
|
||||
force_auth=False,
|
||||
cacert=options.cert))
|
||||
|
||||
self.glance = gclient.Client(version="1",
|
||||
endpoint=endpoint, token=token)
|
||||
|
@ -170,7 +173,8 @@ class ClientManager:
|
|||
project_id=options.tenant_name,
|
||||
auth_url=options.auth_url,
|
||||
region_name=options.region_name,
|
||||
insecure=self.insecure)
|
||||
insecure=self.insecure,
|
||||
cacert=options.cert)
|
||||
|
||||
return self.nova
|
||||
|
||||
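Review bot: Every `cacert=` added in these hunks is fed from `options.cert`, which `OpenstackOptions` fills from `OS_CERT`, while the same commit registers a separate `os-cacert` / `OS_CACERT` option for the CA bundle. If `OS_CERT` holds a client certificate, as the two option names suggest, the four client constructions here would verify the server against the wrong file, and the natural workaround for the resulting failures is to switch on `insecure`. I would carry the CA bundle in its own field and pass `cacert=options.cacert` at each call site. The `gclient.Client(version="1", endpoint=endpoint, token=token)` call shown as context receives neither value, so glance traffic appears not to be covered by this change. All four calls start outside their hunks.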
|
|
|
@ -16,17 +16,12 @@ limitations under the License.
|
|||
"""
|
||||
|
||||
import os
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log
|
||||
import sys
|
||||
|
||||
from oslo_config import cfg
|
||||
from oslo_log import log
|
||||
|
||||
from freezer import __version__ as FREEZER_VERSION
|
||||
|
||||
CONF = cfg.CONF
|
||||
_LOG = log.getLogger(__name__)
|
||||
|
||||
|
||||
|
||||
from freezer.apiclient import client as api_client
|
||||
from freezer import winutils
|
||||
|
||||
|
@ -36,6 +31,10 @@ else:
|
|||
DEFAULT_FREEZER_SCHEDULER_CONF_D = '/etc/freezer/scheduler/conf.d'
|
||||
|
||||
|
||||
CONF = cfg.CONF
|
||||
_LOG = log.getLogger(__name__)
|
||||
|
||||
|
||||
def getCommonOpts():
|
||||
scheduler_conf_d = os.environ.get('FREEZER_SCHEDULER_CONF_D',
|
||||
DEFAULT_FREEZER_SCHEDULER_CONF_D)
|
||||
|
@ -64,15 +63,15 @@ def getCommonOpts():
|
|||
'\n If not specified it will be automatically created \n'
|
||||
'using the tenant-id and the machine hostname.'),
|
||||
cfg.BoolOpt('no-api',
|
||||
default=False,
|
||||
dest='no_api',
|
||||
short='n',
|
||||
help='Prevents the scheduler from using the api service'),
|
||||
default=False,
|
||||
dest='no_api',
|
||||
short='n',
|
||||
help='Prevents the scheduler from using the api service'),
|
||||
cfg.BoolOpt('active-only',
|
||||
default=False,
|
||||
dest='active_only',
|
||||
short='a',
|
||||
help='Filter only active jobs/session'),
|
||||
default=False,
|
||||
dest='active_only',
|
||||
short='a',
|
||||
help='Filter only active jobs/session'),
|
||||
cfg.StrOpt('conf',
|
||||
default=scheduler_conf_d,
|
||||
dest='jobs_dir',
|
||||
|
@ -87,13 +86,14 @@ def getCommonOpts():
|
|||
help='Specifies the api-polling interval in seconds. '
|
||||
'Defaults to 60 seconds'),
|
||||
cfg.BoolOpt('no-daemon',
|
||||
default=False,
|
||||
dest='no_daemon',
|
||||
help='Prevents the scheduler from running in daemon mode'),
|
||||
default=False,
|
||||
dest='no_daemon',
|
||||
help='Prevents the scheduler from running in daemon mode'),
|
||||
cfg.BoolOpt('insecure',
|
||||
default=False,
|
||||
dest='insecure',
|
||||
help='Initialize freezer scheduler with insecure mode'),
|
||||
default=False,
|
||||
short='K',
|
||||
dest='insecure',
|
||||
help='Initialize freezer scheduler with insecure mode'),
|
||||
]
|
||||
|
||||
return common_opts
|
||||
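Review bot: The `insecure` option's help, `'Initialize freezer scheduler with insecure mode'`, does not say what is given up, and the option now also gets a one-letter switch (`short='K'`) that makes it easier to pass without noticing. I would spell out the effect, for example `help='Disable TLS certificate verification for the scheduler API connections (not recommended)'`. `getCommonOpts` starts and ends outside these hunks.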
|
|
|
@ -190,13 +190,13 @@ def main():
|
|||
return 65 # os.EX_DATAERR
|
||||
|
||||
apiclient = None
|
||||
verify = True
|
||||
insecure = False
|
||||
if CONF.insecure:
|
||||
verify = False
|
||||
insecure = True
|
||||
|
||||
if CONF.no_api is False:
|
||||
try:
|
||||
apiclient = client.Client(opts=CONF, verify=verify)
|
||||
apiclient = client.Client(opts=CONF, insecure=insecure)
|
||||
if CONF.client_id:
|
||||
apiclient.client_id = CONF.client_id
|
||||
except Exception as e:
|
||||
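Review bot: The client is built with `insecure=insecure` only, and the `Client.__init__` hunk on this page derives `verify` from its `insecure` and `cacert` arguments rather than from `opts`, so the new `os-cacert` / `os-cert` options appear to have no effect on the scheduler's API requests. If that reading is right, pass them through: `apiclient = client.Client(opts=CONF, insecure=CONF.insecure, cacert=CONF.os_cacert, cert=CONF.os_cert)`, which also removes the local `insecure` flag. This assumes both options are registered on `CONF`, which the hunk does not show; `main` continues outside it.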
|
|
|
@ -32,7 +32,7 @@ class PySvc(win32serviceutil.ServiceFramework):
|
|||
# create an event to listen for stop requests on
|
||||
self.hWaitStop = win32event.CreateEvent(None, 0, 0, None)
|
||||
self.home = r'C:\.freezer'
|
||||
self.verify = True
|
||||
self.insecure = False
|
||||
|
||||
def SvcDoRun(self):
|
||||
"""Run the windows service and start the scheduler in the background
|
||||
|
@ -68,7 +68,7 @@ class PySvc(win32serviceutil.ServiceFramework):
|
|||
set_environment(self.home)
|
||||
|
||||
if os.environ.get('SERVICE_INSECURE'):
|
||||
self.verify = False
|
||||
self.insecure = True
|
||||
|
||||
# Add support for keystone v2 and v3
|
||||
credentials = {}
|
||||
|
@ -80,7 +80,7 @@ class PySvc(win32serviceutil.ServiceFramework):
|
|||
'auth_url': os.environ['OS_AUTH_URL'],
|
||||
'endpoint': os.environ['OS_BACKUP_URL'],
|
||||
'tenant_name': os.environ['OS_TENANT_NAME'],
|
||||
'verify': self.verify
|
||||
'insecure': self.insecure
|
||||
}
|
||||
elif os.environ['OS_IDENTITY_API_VERSION'] == 3:
|
||||
credentials = {
|
||||
|
@ -92,7 +92,7 @@ class PySvc(win32serviceutil.ServiceFramework):
|
|||
'project_name': os.environ['OS_PROJECT_NAME'],
|
||||
'user_domain_name': os.environ['OS_USER_DOMAIN_NAME'],
|
||||
'project_domain_name': os.environ['OS_PROJECT_DOMAIN_NAME'],
|
||||
'verify': self.verify
|
||||
'insecure': self.insecure
|
||||
}
|
||||
|
||||
client = freezer.apiclient.client.Client(**credentials)
|
||||
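Review bot: `if os.environ.get('SERVICE_INSECURE'):` treats any non-empty value as true, so `SERVICE_INSECURE=0` or `SERVICE_INSECURE=false` sets `self.insecure = True` and the service talks to the API without certificate verification. Compare against an explicit list instead, e.g. `if os.environ.get('SERVICE_INSECURE', '').lower() in ('1', 'true', 'yes'):`, and log a warning whenever verification is turned off. Separately, `os.environ['OS_IDENTITY_API_VERSION'] == 3` compares a string with an int and can never be true; `== '3'` is presumably intended. `SvcDoRun` starts and ends outside these hunks.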
|
|
|
@ -39,7 +39,8 @@ class OpenstackOptions:
|
|||
"""
|
||||
def __init__(self, user_name, tenant_name, project_name, auth_url,
|
||||
password, identity_api_version, tenant_id=None,
|
||||
region_name=None, endpoint_type=None):
|
||||
region_name=None, endpoint_type=None, cert=None,
|
||||
insecure=False, verify=True):
|
||||
self.user_name = user_name
|
||||
self.tenant_name = tenant_name
|
||||
self.auth_url = auth_url
|
||||
|
@ -49,6 +50,9 @@ class OpenstackOptions:
|
|||
self.identity_api_version = identity_api_version
|
||||
self.region_name = region_name
|
||||
self.endpoint_type = endpoint_type
|
||||
self.cert = cert
|
||||
self.insecure = insecure
|
||||
self.verify = verify
|
||||
if not (self.password and self.user_name and self.auth_url and
|
||||
(self.tenant_name or self.project_name)):
|
||||
raise Exception("Please set up in your env:"
|
||||
|
@ -85,7 +89,8 @@ class OpenstackOptions:
|
|||
password=src_dict.get('OS_PASSWORD', None),
|
||||
tenant_id=src_dict.get('OS_TENANT_ID', None),
|
||||
region_name=src_dict.get('OS_REGION_NAME', None),
|
||||
endpoint_type=src_dict.get('OS_ENDPOINT_TYPE', None)
|
||||
endpoint_type=src_dict.get('OS_ENDPOINT_TYPE', None),
|
||||
cert=src_dict.get('OS_CERT', None)
|
||||
)
|
||||
|
||||
|
||||
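Review bot: `OpenstackOptions.__init__` now stores both `insecure` and `verify`, two switches for the same decision that can contradict each other (`insecure=True, verify=True`), and nothing in the constructor states which one wins. The `src_dict` factory in the last hunk fills only `cert` from `OS_CERT`, so both keep their defaults on that path, and the `ClientManager` hunks on this page read `self.insecure` rather than either field. I would keep one of the two, or document the precedence in the class docstring, and add a comment on `self.cert` such as `# client certificate, not a CA bundle` (or the reverse) so call sites do not have to guess.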
|
|
|
@ -130,6 +130,8 @@ class TestClientMock(unittest.TestCase):
|
|||
'session': 'foxtrot',
|
||||
'endpoint': 'golf',
|
||||
'version': 'hotel',
|
||||
'cert': 'india',
|
||||
'insecure': 'juliet',
|
||||
'opts': Mock()}
|
||||
c = client.Client(**kwargs)
|
||||
self.assertIsInstance(c, client.Client)
|
||||
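Review bot: The new kwargs `'cert': 'india'` and `'insecure': 'juliet'` are covered only by `assertIsInstance`, so the verify precedence added to `Client.__init__` is untested, and the truthy `'juliet'` in fact builds the client with verification off. Add `self.assertFalse(c.verify)` here, plus a case with `insecure=False, cacert='/tmp/ca.pem'` (a made-up path) expecting `c.verify == '/tmp/ca.pem'` and a default case expecting `c.verify is True`. The test method starts outside the hunk.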
|
|
|
@ -24,7 +24,8 @@ class TestOsClients(unittest.TestCase):
|
|||
|
||||
fake_options = utils.OpenstackOptions(
|
||||
user_name="user", tenant_name="tenant", project_name="project",
|
||||
auth_url="url", password="password", identity_api_version="3")
|
||||
auth_url="url", password="password", identity_api_version="3",
|
||||
insecure=False, cert='cert', verify=True)
|
||||
|
||||
def test_init(self):
|
||||
osclients.ClientManager(self.fake_options, None, None, None)
|
||||
|
@ -45,7 +46,8 @@ class TestOsClients(unittest.TestCase):
|
|||
options = utils.OpenstackOptions(
|
||||
user_name="user", tenant_name="tenant", project_name="project",
|
||||
auth_url="url", password="password", identity_api_version="3",
|
||||
endpoint_type="adminURL")
|
||||
endpoint_type="adminURL", insecure=False, cert='cert',
|
||||
verify=True)
|
||||
client = osclients.ClientManager(options, None, None, None)
|
||||
client.create_swift()
|
||||
|
||||
|
|